
and after compilation and (re)installation it works great. Then, run the script as is and you'll see the usage.

$ sudo perl deauth.pl

My script spies on the specified client and server network traffic, gets the values of the ack_seq & seq flags and sends to the server, with them, a network packet with the RST flag activated (this RST packet masquerades as the client). If the connection is in the ESTABLISHED state, my script sends another RST packet to the client (this RST packet masquerades as the server).

You must obviously be able to sniff the traffic between the targets for my tool to work (you should have understood from reading above).

It works in various network environments, not only in localhost! But if you work in localhost (127.0.0.1), specify "lo" as the network interface.

For example: I have a localhost SSH server and I'm connected to it. I run my Perl script, and it waits for network traffic. When I press a key in my SSH shell, I'm disconnected.
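
A defender-side sketch of how the pattern described in the post above (an RST claiming to come from the client, followed by one claiming to come from the server) can be flagged in captured traffic. It is an added example, not part of deauth.pl or of the original thread; the record layout, function name, thresholds and sample packets are constructed for illustration.

```python
from collections import namedtuple

# Constructed packet summary: the fields a sensor would pull from a capture.
Pkt = namedtuple("Pkt", "ts src sport dst dport flags ttl")

def find_rst_injection(packets, window=1.0, ttl_slack=2):
    """Return alerts for flows that look reset by a third party.

    Heuristics (assumptions of this example):
      - bidirectional: RSTs from both endpoints of one flow within `window` s;
        a real endpoint does not answer an RST with an RST.
      - ttl: an RST whose IP TTL differs from the TTL previously seen
        from that same claimed sender by more than `ttl_slack`.
    """
    baseline = {}   # (src, sport, dst, dport) -> TTL of last non-RST packet
    last_rst = {}   # canonical flow -> (ts, direction) of the last RST seen
    alerts = []
    for p in sorted(packets, key=lambda p: p.ts):
        direction = (p.src, p.sport, p.dst, p.dport)
        if "R" not in p.flags:
            baseline[direction] = p.ttl
            continue
        flow = tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))
        expected = baseline.get(direction)
        if expected is not None and abs(p.ttl - expected) > ttl_slack:
            alerts.append((p.ts, flow, "ttl"))
        prev = last_rst.get(flow)
        if prev and prev[1] != direction and p.ts - prev[0] <= window:
            alerts.append((p.ts, flow, "bidirectional"))
        last_rst[flow] = (p.ts, direction)
    return alerts

# Constructed sample: an SSH session using the addresses from the thread,
# then RSTs "from" both ends 3 ms apart, with a foreign TTL (128 vs 64).
SAMPLE = [
    Pkt(0.000, "192.168.1.2", 50514, "192.168.1.1", 22, "PA", 64),
    Pkt(0.001, "192.168.1.1", 22, "192.168.1.2", 50514, "A", 64),
    Pkt(0.010, "192.168.1.2", 50514, "192.168.1.1", 22, "R", 128),
    Pkt(0.013, "192.168.1.1", 22, "192.168.1.2", 50514, "R", 128),
    # A separate flow closed by an ordinary one-sided reset: no alert.
    Pkt(5.000, "192.168.1.2", 50600, "192.168.1.1", 80, "PA", 64),
    Pkt(5.200, "192.168.1.1", 80, "192.168.1.2", 50600, "R", 64),
]

if __name__ == "__main__":
    for ts, flow, reason in find_rst_injection(SAMPLE):
        print(f"{ts:.3f} {flow} {reason}")
```

Both checks are heuristics: a TTL change can also follow a routing change, so alerts are a prompt to inspect the flow rather than proof of injection.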

Re: TCP-Deauth v0.4

I'd also like to see how you plan to break the TCP connection if, for example, you have server(192.168.1.1), client(192.168.1.2) and attacker(192.168.1.3), and perhaps some documentation on how/why this works, and possible workarounds for it.

Other than that the script is cleanish and simple for anyone who wants to have a read through, with enough explanations on the datenterrorist link to get you through if you need the help.

Still not underestimating the power...

There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

Re: TCP-Deauth v0.4

Thanks for the link, I didn't know it, and for your advice.

Originally Posted by Gitsnik

I'd also like to see how you plan to break the TCP connection if, for example, you have server(192.168.1.1), client(192.168.1.2) and attacker(192.168.1.3), and perhaps some documentation on how/why this works, and possible workarounds for it.

My little Perl script works great in the environment that you have suggested: server(192.168.1.1), client(192.168.1.2) and attacker(192.168.1.3). Try it.

I use Net::RawIP because it is sufficient. We need nothing more to do it. I agree with you, it's the bare minimum, but it does what I explain.

Re: Re : TCP-Deauth v0.4

Yes, it's why I only used the Net::RawIP CPAN module, which is given with every minimal Perl installation.

And how do you expect to get all this traffic on a switched network with only the "tcp and src $sip and dst $cip etc." filter?

That same filter should be applied to tcpdump to see if it works at picking up all network traffic. It does not, unless I slap everything into a hub and run them from there (or MiTM the lot). This is switching-network-traffic-101. If it was as easy as firing up tcpdump we'd never have come up with the masses of MiTM tools we have.
